Overview

The Audit Log enables you to track, audit, and export your workspace events. All events can be sent as notifications. The Audit Log supports the workspace events listed at the bottom of this page. 

Events that are recorded in your Audit Log do not expire. You can view the full history of events in your workspace from when it was first created.
 

Viewing the Audit Log

In the Fireblocks Console, go to Settings > Audit log.

Searching, filtering, & sorting Audit events

• Enter any text in the search bar to filter results dynamically.
• To filter for specific events, select in the appropriate column header.
• By default, events are listed with the most recent events listed first. Select in the appropriate column header to change the sorting order.

Viewing Audit event details

Select > on the left side of any event to view additional information about the event.

Each row of the Audit Log is an independent event that includes the creation time, subject, event description, and the user or entity that triggered the event.

Exporting Audit events

Go to Settings > Audit log and then select Export .

Indexing Audit events

Learn more about Fireblocks API endpoints that you can use to directly integrate with your security information and event management (SIEM) system.

Audit Log categories and events

This is a comprehensive list of all Audit Log categories, related subjects, and events.

Administration

• Sign-in Events:
  • Successful sign-in
  • Failed sign-in
  • Password change requested
  • Password changed
  • 2FA reset
  • Access denied
• User Management:
  • New user: Submitted request, Approved, Canceled, Rejected
  • Edit user: Submitted request, Approved, Implemented, Canceled, Rejected
  • User deleted
  • User deactivated
  • User role changed
• Mobile Device Management:
  • Device recovery completed
  • Device reset: Approved, Completed, Recovered, Rejected, Submitted request
  • Re-enroll mobile device: Approved, Canceled, Completed, Recovered, Rejected, Submitted request
  • User: Mobile device recovered, Mobile device reset
• Linked User Migration:
  • Initiated by user
  • User paired successfully
  • Activated
  • Deactivated

• Whitelisted IP
  • List updated
• Admin Quorum:
  • Approved
  • Canceled
  • Rejected
  • Submitted request
  • Threshold changed
• One-Time Address:
  • Approved
  • Canceled
  • Rejected
  • Submitted request
  • Turned off
  • Turned on
• User Group Management:
  • Created
  • Changes: Requested, approved, rejected, in effect, cancelled
  • Edited
  • Approved
  • Approved and created
  • Rejected
  • Deleted
  • Discarded edits (Deprecated)
  • Edited (Deprecated)

• Email Notification: Created, Enabled, Disabled, Edited
• Slack Notification: Created, Enabled, Disabled, Edited
• Webhooks Notification: Created, Enabled, Disabled, Edited, Deleted

Assets

• Asset listed
• Asset set price

Automation

• Automation rule
  • Created
  • Edited
  • Enabled
  • Disabled
  • Deleted

Compliance

• Transaction AML
  • Registration completed
  • Registration started
  • Screening completed
  • Screening failed
  • Screening in background
  • Screening started
• Transaction Screening
  • Completed
  • Started
  • Update completed
• Transaction Travel Rule Screening
  • Completed
  • Failed
  • Started
  • Update completed
  • Update started

Developers

• Webhooks
  • Updated URL list updated
• Webhook endpoint
  • Added
  • Deleted
  • Activated
  • Deactivated
  • Updated
  • Suspended
  • Suspension warning sent

Third-party accounts

• Exchange account
  • Linked
  • Unlinked
  • Approved
  • Canceled
  • Rejected
  • Submitted
• Fiat account
  • Approved
  • Rejected
  • Submitted
  • Canceled
  • Linked
  • Unlinked

Keys

• Validation key
  • Submitted request
  • Approved
  • Rejected
  • Activated
  • Deactivated
• Signing key
  • Submitted request
  • Linked to user
  • Enabled
  • Assigned to vault account
  • Deleted
• MPC key set
  • Created
  • Enabled
  • Activated

Policies

• Policy states
  • Rejected policy
  • Signed policy
  • Deleted policy
  • Published policy
  • Discarded policy draft
  • Reverted policy draft
  • Put policy into effect
  • Draft marked as ready to publish
  • Requested policy draft publishing
  • Edited draft
• IP address allowlist activation
  • Submitted
  • Approved by quorum
  • Approved by user
  • Rejected
  • Canceled
  • Failed
• IP address allowlist deactivation
  • Submitted
  • Approved by quorum
  • Approved by user
  • Rejected
  • Canceled
  • Failed
• IP address allowlist
  • Approval submitted
  • Approval approved by quorum
  • Approval approved by user
  • Approval canceled
  • Approval rejected
  • Approval failed
  • Changes submitted
  • Changes approved by quorum
  • Changes approved by user
  • Changes canceled
  • Changes rejected
  • Changes failed
  • Deletion submitted
  • Deletion approved by user
  • Deletion canceled
  • Deletion approved by quorum
  • Deletion rejected
  • Deletion failed

Fireblocks P2P Network

• Network connection
  • Added
  • Created
  • Removed
  • Removed by counterparty
• Network connection invitation
  • Approved by admin
  • Cancelled
  • Received from counterparty
  • Rejected
• Network connection request
  • Approved by admin
  • Cancelled
  • Rejected
  • Submitted
• Network connection routing change
  • Approved
  • Approved by admin
  • Rejected
  • Request submitted
  • Routing changed
• Network discoverability
  • Turned on
  • Turned off
• Network profile
  • Created
  • Removed
• Network profile name change
  • Profile renamed
  • Request submitted
• Network profile routing change
  • Approved
  • Approved by admin
  • Rejected
  • Request submitted
  • Routing changed
  • Waiting for approval

Transactions

• Incoming Transaction:
  • Association failed
  • Completed
  • Submitted
  • Failed to associate incoming tx hash
• Internal Transaction:
  • Completed
  • Submitted
• Outgoing Transaction:
  • Completed
  • Submitted
• External Transaction:
  • Completed
  • Submitted
• Transaction (General):
  • Alerted by AML
  • AML failed
  • AML screening blocking period timed out
  • AML result rescreened
  • Approved by second tier
  • Authorization request initiated
  • Blocked by Policy
  • Bypassed AML
  • Cancelled
  • Completed
  • Confirmation threshold overridden
  • Declined by second tier
  • Funds unfrozen
  • Transaction note changed
  • Rejected
  • Rejected by AML
  • Signed
  • Submitted
• Transaction Screening (Incoming):
  • Started
  • Completed
• Transaction AML (Incoming):
  • Started
  • Completed
  • Failed
  • In background
• Transaction Travel Rule (Incoming):
  • Started
  • Completed
  • Failed

Wallets

• Vault Account
  • Account added
  • Bulk accounts added
  • Archived / unarchived
  • Renamed
  • Auto Fueling: enabled, disabled
  • UI Visibility: set hidden, set visible
  • Deposit address description changed
  • Wallet added
  • Bulk wallets added
  • Wallet: archived, unarchived
• Backup and Recovery
  • Passphrase
    • Sent Verify Alert
    • Verified
  • Hard Key Recovery Process Request Submitted
  • Mobile Key Backed Up
  • Workspace Key Backup
    • Request Submitted
    • Initiated by workspace owner
    • Pending approval
    • Approved by admin / Approved by admin quorum
    • Rejected by one of the admins
    • Cancelled
    • Internal error during generation
    • Marked as incomplete / Marked as completed
    • Backup sent
• Gas Station
  • Low funds
  • Vault changed
  • Sweep transaction initiated
  • Funds deposited
• External Wallet
  • Added
  • Removed
• Internal Wallet
  • Added
  • Removed
• Cold Wallet Device: Less than 10% remaining signatures

Web3

• Allowance amount modified
• Contract
  • Added
  • Removed
• Fireblocks Extension
  • Connected
  • Updated
  • Disconnected
• NFT
  • Marked as Spam
  • Marked as Not Spam

Whitelisted addresses

• Address
  • Whitelisted
  • Removed
• Address Whitelisting
  • Request Submitted
  • Approved by Admin
  • Rejected
  • Canceled